Source: heimdalsecurity.com – Author: Gabriella Antal
Several cybersecurity agencies have collaborated to release a comprehensive guide to address the increasing threat posed by the malicious use of remote access software.
US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Israel National Cyber Directorate (INCD) published the guide on Tuesday.
According to the document, managing and monitoring networks, computers, and devices remotely is vital for organizations. A proactive approach to troubleshooting, maintenance, and backup operations is possible with this flexible and efficient IT and operational technology (OT) management approach.
However, these capabilities make it an attractive tool for malicious actors to exploit, potentially compromising businesses and systems.
According to the document, remote access software allows IT/OT teams to detect anomalous network or device issues early and proactively monitor them.
Cyber threat actors are increasingly co-opting these same tools to gain access to victims’ systems easily and widely.
This guide provides insight into these techniques by highlighting the common exploitations and associated tactics, techniques, and procedures (TTPs) used by threat actors to leverage remote access software.
In addition to sophisticated phishing campaigns, social engineering tricks, and exploiting software vulnerabilities, weak passwords can also be used.
“RMM software, in particular, has significant capabilities to monitor or operate devices or systems as well as attain heightened permissions, making it an attractive tool for malicious actors to maintain persistence and move laterally on compromised networks,” the agencies wrote.
Organizations must establish a security baseline and be familiar with the expected software behavior to effectively detect abnormal and malicious activities.
In addition to implementing a robust risk management strategy based on established standards, organizations should regularly monitor remote access software using endpoint detection and response tools.
CISA also published a report in January warning network defenders about the malicious use of legitimate RMM software tools. Its publication follows a separate effort CISA conducted in January to warn network defenders about the harmful use of legitimate RMM software tools.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.
Get cybersecurity updates you’ll actually want to read directly in your inbox.
Original Post URL: https://heimdalsecurity.com/blog/the-importance-of-securing-remote-access-insights-from-cisas-latest-guide/
Category & Tags: Cybersecurity News – Cybersecurity News
